News

iPhones have been hacked by malicious sites for two years

Before we get started

After spending over 20 years working with Macs, both old and new, theres a tool I think would be useful to every Mac owner who is experiencing performance issues.

CleanMyMac is highest rated all-round cleaning app for the Mac, it can quickly diagnose and solve a whole plethora of common (but sometimes tedious to fix) issues at the click of a button. It also just happens to resolve many of the issues covered in the speed up section of this site, so Download CleanMyMac to get your Mac back up to speed today.

mac-pc

Researchers from Google have discovered a number of malicious websites that have been used for at least two years to infiltrate iPhones.

On Thursday night, the analysts, who work at Project Zero (Google’s cyber security division), detailed their findings in a deep-dive technical blog.

Security research specialist Ian Beer wrote: “There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant.”

Once the implant had infiltrated that particular iPhone, it was able to steal not only photos but also messages as well as GPS location data all in real-time.



The blog post did not reveal precisely how many of these malicious sites there were, but according to the researchers’ best estimates, each one of them received thousands of unsuspecting visitors every week.

The hacks started with iOS 10 and were only patched with iOS 12.

According to Beer, this is an indication that there had been a “sustained effort” to gain unauthorised access to iPhones over the last two years.

The websites in question used five different methods, also known as “exploit chains”, to get access to iPhones.

The research team discovered 14 vulnerabilities that could be exploited by these exploit chains.

No fewer than seven of them were discovered in Safari the default web browser on all new iPhones.

The researchers reportedly informed Apple about their discovery in February 2019.

They gave the Cupertino-based firm an unusually short seven days to fix the bugs.

Apple took up the challenge and, within six days, it released the necessary iOS 12 security update.

As far as security is concerned, Apple normally has quite a solid track record.

Last month, for example, it increased the amount of money that it is prepared to pay as a bug bounty (i.e. for software bugs discovered by security researchers) to $1m.

Tags

About the author

Chris

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.